When should you NOT use API Mocking?

Avoid mocking as a substitute for contract or integration tests — mocks can drift from the real API silently. Do not mock at the HTTP level in integration tests that are specifically meant to verify end-to-end behaviour. Avoid over-specifying mock responses — brittle mocks that encode every response field break when the API evolves.

When is API Mocking the right choice?

Unit testing code that calls external HTTP APIs — mocks remove network dependency and make tests deterministic. Developing a consumer before the provider API is ready — a mock server lets both teams work in parallel. Testing error and edge-case responses (timeouts, 429, 503) that are hard to trigger against a real service.

← Back to glossary

API Mocking

api_design Intermediate

Also Known As

API mock Prism WireMock Mockoon Guzzle MockHandler

TL;DR

Prism (OpenAPI mock server), WireMock (HTTP stub server), Mockoon (GUI), and Guzzle MockHandler for PHP unit tests — enabling testing without real API calls.

Explanation

API mocking tools: Prism — generates a mock server from an OpenAPI spec instantly, returning example responses. WireMock — record real API calls and replay them, or configure stub responses with delays and error simulation. Mockoon — desktop GUI for managing mock APIs. PHP unit tests: Guzzle MockHandler intercepts HTTP at the client level — no actual network connection made. Use cases: test error scenarios (429, 503, timeouts) that are hard to trigger with real APIs, CI without external service dependencies, and frontend development before the backend is ready.

Common Misconception

✗ Mocking APIs in tests means making HTTP calls to a local mock server — for unit tests, Guzzle MockHandler intercepts at the HTTP client level without any network connection; mock servers are for integration tests and frontend development.

Why It Matters

CI tests that make real API calls are slow, flaky (depend on external service availability), and create test data in production systems — HTTP client mocks make tests fast, deterministic, and isolated.

Common Mistakes

Real API calls in unit tests — slow, flaky, require network, create production test data
Mock responses that don't match the actual API spec — tests pass but integration fails
Not testing error scenarios — real APIs fail; mocks must simulate 429, 503, network timeouts
Outdated mock responses — mocks must be updated when the real API contract changes

Avoid When

Avoid mocking as a substitute for contract or integration tests — mocks can drift from the real API silently.
Do not mock at the HTTP level in integration tests that are specifically meant to verify end-to-end behaviour.
Avoid over-specifying mock responses — brittle mocks that encode every response field break when the API evolves.

When To Use

Unit testing code that calls external HTTP APIs — mocks remove network dependency and make tests deterministic.
Developing a consumer before the provider API is ready — a mock server lets both teams work in parallel.
Testing error and edge-case responses (timeouts, 429, 503) that are hard to trigger against a real service.

Code Examples

💡 NoteThe Guzzle MockHandler queues a pre-built response so the mailer test verifies logic and headers without any real network call or SMTP server.

✗ Vulnerable

// Real HTTP calls in unit test — slow and fragile:
public function testSendConfirmationEmail(): void {
    $mailer = new SendGridMailer(API_KEY); // Real SendGrid client
    $result = $mailer->send($email);       // Real HTTP call to SendGrid!
    $this->assertTrue($result->success);
    // Fails if: no internet, SendGrid down, API key invalid, rate limited
}

✓ Fixed

// Guzzle MockHandler — no HTTP in unit tests:
public function testSendConfirmationEmail(): void {
    $mock    = new MockHandler([new Response(202, [], json_encode(['id'=>'test-123']))]);
    $client  = new Client(['handler' => HandlerStack::create($mock)]);
    $mailer  = new SendGridMailer($client); // Injected mock client
    $result  = $mailer->send($email);
    $this->assertTrue($result->success);
    $this->assertSame('test-123', $result->messageId);
    // Fast, deterministic, no network, no side effects
}

References

↗ https://docs.stoplight.io/docs/prism/

Tags

api-design testing tooling

Added 16 Mar 2026

Edited 31 Mar 2026

Curated in Warsaw under one editorial standard. 1,444 terms, single voice. About this reference →

Rate this term

No ratings yet

🤖 AI Guestbook educational data only

| |

Last 30 days

Agents 0

No pings yet today

No pings yesterday

Amazonbot 13 Perplexity 6 Google 4 Ahrefs 2 Unknown AI 2 Meta AI 1

Also referenced

API Contract Testing 32 Integration Testing 28 Mocking Best Practices (PHPUnit & Mockery) 23 API Documentation 20

How they use it

crawler 25 crawler_json 3

Related categories

testing 2.5k api_design 486

⚡ DEV INTEL Tools & Severity

🟡 Medium ⚙ Fix effort: Medium

⚡ Quick Fix

Use WireMock or Mockery HTTP stubs for integration tests against external APIs — never hit real external APIs in test suites; record real responses once and replay them

📦 Applies To

any web cli

🔗 Prerequisites

Integration Testing API Contract Testing Unit Testing

🔍 Detection Hints

Integration tests hitting real external APIs; test suite failing due to third-party API downtime; no HTTP client mock/stub in test setup

Auto-detectable: ✗ No wiremock mockery guzzle-mock php-vcr

⚠ Related Problems

Integration Testing API Contract Testing Flaky Tests

🤖 AI Agent

Confidence: Low False Positives: Medium ✗ Manual fix Fix: Medium Context: File Tests: Update